podafSleepSafe

Sleep safe knowing you're guarded against CSRF, XSS, and other web attacks

Mixins

Guard

Guard against malicious attacks by inspecting HTTP requests.

Classes

ContentTypeGuard

Guards against MIME-type sniffing by setting an X-Content-Type-Options HTTP response header that tells browsers to honour the declared Content-Type rather than guessing the type from the body.

CspGuard

Guards against Cross Site Scripting (XSS) by setting a Content-Security-Policy HTTP response header that tells browsers which sources content, and in particular scripts, may be loaded from.

CsrfTokenGuard

Guards against CSRF attacks by enforcing a customisable Encrypted Token Pattern strategy.
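An added example of the Encrypted Token Pattern in Go, not afSleepSafe's Fantom implementation: the token is the AES-GCM encryption of (issue time || session id) under a key only the server holds, so validation needs no server-side token store, and the GCM authentication tag rejects any forged or altered token. The CsrfTokenizer type, the plaintext layout and the TTL check are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// ErrBadToken is returned for any token that fails to decrypt, belongs to
// another session or has expired.
var ErrBadToken = errors.New("invalid CSRF token")

// CsrfTokenizer is a hypothetical Encrypted Token Pattern implementation:
// tokens are AES-GCM ciphertexts of (issue time || session id) under a key
// only the server holds, so no per-token server state is needed.
type CsrfTokenizer struct {
	aead cipher.AEAD
	ttl  time.Duration
	now  func() time.Time // injectable clock so expiry can be exercised
}

// NewCsrfTokenizer takes a 16-, 24- or 32-byte AES key and a token lifetime.
func NewCsrfTokenizer(key []byte, ttl time.Duration) (*CsrfTokenizer, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &CsrfTokenizer{aead: aead, ttl: ttl, now: time.Now}, nil
}

// Issue returns a base64url token bound to sessionID. Decoded layout:
// random 12-byte nonce || GCM(8-byte big-endian unix time || sessionID).
func (c *CsrfTokenizer) Issue(sessionID string) (string, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	pt := make([]byte, 8+len(sessionID))
	binary.BigEndian.PutUint64(pt, uint64(c.now().Unix()))
	copy(pt[8:], sessionID)
	ct := c.aead.Seal(nil, nonce, pt, nil)
	return base64.RawURLEncoding.EncodeToString(append(nonce, ct...)), nil
}

// Validate accepts the token only if it decrypts and authenticates under the
// server key, names the caller's session and is younger than the TTL.
func (c *CsrfTokenizer) Validate(token, sessionID string) error {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	ns := c.aead.NonceSize()
	if err != nil || len(raw) < ns {
		return fmt.Errorf("%w: malformed", ErrBadToken)
	}
	pt, err := c.aead.Open(nil, raw[:ns], raw[ns:], nil)
	if err != nil || len(pt) < 8 {
		return fmt.Errorf("%w: authentication failed", ErrBadToken)
	}
	if subtle.ConstantTimeCompare(pt[8:], []byte(sessionID)) != 1 {
		return fmt.Errorf("%w: bound to another session", ErrBadToken)
	}
	issued := time.Unix(int64(binary.BigEndian.Uint64(pt[:8])), 0)
	if age := c.now().Sub(issued); age > c.ttl || age < 0 {
		return fmt.Errorf("%w: expired or issued in the future", ErrBadToken)
	}
	return nil
}

func main() {
	key := make([]byte, 32) // in production: a random key loaded from secret storage
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	tk, _ := NewCsrfTokenizer(key, time.Hour)
	tok, _ := tk.Issue("session-abc") // constructed sample session id
	fmt.Println("form token:", tok)
	fmt.Println("same session:", tk.Validate(tok, "session-abc"))
	fmt.Println("other session:", tk.Validate(tok, "session-xyz"))
}
```

The server embeds the issued token in each form (or exposes it to scripts for XHR) and calls Validate with the session id of the request that submits it; a token stolen from one session is useless in another, and the nonce makes every token distinct so leaked tokens cannot be replayed after the TTL.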

FrameOptionsGuard

Guards against clickjacking by setting an X-Frame-Options HTTP response header that tells browsers not to embed the page in a frame.

ReferrerPolicyGuard

Guards against internal URL leakage by setting a Referrer-Policy HTTP response header that tells browsers how and when to transmit the HTTP Referer (sic) header.

SameOriginGuard

Guards against CSRF attacks by checking that the Referer or Origin HTTP header matches the Host.
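The check described above, as an added example in Go (not afSleepSafe's Fantom code): the Origin header is preferred and Referer is the fallback, both are reduced to scheme://host[:port] and compared with the origin the server believes it is serving, default ports are normalised away, and a state-changing request with no usable origin (or the literal "null" origin a browser sends for opaque contexts) is rejected rather than waved through. The Request type and the exemption of safe methods are this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Request is a constructed stand-in for an incoming HTTP request, holding only
// the fields the same-origin check needs (hypothetical type, not afSleepSafe's).
type Request struct {
	Method  string
	Scheme  string            // "https" or "http", as seen by the server
	Host    string            // value of the Host header, e.g. "example.com:8443"
	Headers map[string]string // request headers, canonical names
}

// ErrCrossOrigin is returned for every rejected request; the wrapped detail
// says why, so it can be logged without leaking to the client.
var ErrCrossOrigin = errors.New("request origin does not match Host")

// Safe methods (RFC 7231) must not change server state, so CSRF does not apply.
var safeMethods = map[string]bool{"GET": true, "HEAD": true, "OPTIONS": true, "TRACE": true}

// normaliseHost lower-cases the host and drops the default port for the scheme
// so that "EXAMPLE.com:443" and "example.com" compare equal under https.
func normaliseHost(scheme, host string) string {
	host = strings.ToLower(host)
	switch {
	case scheme == "https" && strings.HasSuffix(host, ":443"):
		return strings.TrimSuffix(host, ":443")
	case scheme == "http" && strings.HasSuffix(host, ":80"):
		return strings.TrimSuffix(host, ":80")
	}
	return host
}

// sourceOrigin returns the normalised origin the browser reports for the
// request: Origin if present, otherwise the origin part of Referer.
func sourceOrigin(r *Request) (string, error) {
	src := r.Headers["Origin"]
	if src == "null" { // opaque origin: sandboxed frame, cross-origin redirect, data: URL
		return "", errors.New("opaque (null) Origin")
	}
	if src == "" {
		src = r.Headers["Referer"]
	}
	if src == "" {
		return "", errors.New("neither Origin nor Referer present")
	}
	u, err := url.Parse(src)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("unparsable origin %q", src)
	}
	// url.Parse lower-cases the scheme and strips path, query and userinfo.
	return u.Scheme + "://" + normaliseHost(u.Scheme, u.Host), nil
}

// CheckSameOrigin returns nil when the request may proceed and an error
// wrapping ErrCrossOrigin when it must be rejected.
func CheckSameOrigin(r *Request) error {
	if safeMethods[strings.ToUpper(r.Method)] {
		return nil
	}
	got, err := sourceOrigin(r)
	if err != nil {
		return fmt.Errorf("%w: %v", ErrCrossOrigin, err)
	}
	want := r.Scheme + "://" + normaliseHost(r.Scheme, r.Host)
	if got != want {
		return fmt.Errorf("%w: got %s, expected %s", ErrCrossOrigin, got, want)
	}
	return nil
}

func main() {
	// Constructed sample requests.
	ok := &Request{Method: "POST", Scheme: "https", Host: "example.com",
		Headers: map[string]string{"Origin": "https://example.com"}}
	evil := &Request{Method: "POST", Scheme: "https", Host: "example.com",
		Headers: map[string]string{"Referer": "https://example.com.evil.net/form"}}
	fmt.Println(CheckSameOrigin(ok))
	fmt.Println(CheckSameOrigin(evil))
}
```

The server-side scheme and Host must come from the server's own configuration or a trusted reverse-proxy header, never from an attacker-controllable value, otherwise the comparison reduces to checking that two client-supplied strings agree. Browsers strip Referer under some Referrer-Policy settings, so legitimate clients that send neither header are rejected here; that is the safe failure mode for a state-changing request.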

SessionHijackGuard

Guards against session hijacking by caching browser user-agent parameters and checking them on each request.

SleepSafeMiddleware

BedSheet middleware that invokes the Guards.

StrictTransportGuard

Guards against protocol downgrade attacks and cookie hijacking by setting a Strict-Transport-Security HTTP response header that tells browsers to use HTTPS.

XssProtectionGuard

Guards against Cross Site Scripting (XSS) by setting an X-XSS-Protection HTTP response header that tells browsers to enable XSS filtering. Note that this is a legacy header: Chromium-based browsers have removed their XSS auditor and Firefox never implemented one, so it only helps older browsers and a Content-Security-Policy is the effective defence.
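An added check, not part of afSleepSafe, that audits a response for the headers the guards above set and reports what is missing or weak: nosniff on X-Content-Type-Options, DENY or SAMEORIGIN on X-Frame-Options, a CSP whose script sources allow neither inline scripts nor a wildcard, an HSTS max-age of at least one year, and a Referrer-Policy that does not send full URLs cross-origin. The one-year HSTS threshold and the set of Referrer-Policy values flagged are this example's own choices.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// AuditHeaders returns one finding per security header that is missing or weak
// in the given response headers (hypothetical check, not afSleepSafe code).
func AuditHeaders(h map[string]string) []string {
	get := func(name string) string { // header names are case-insensitive
		for k, v := range h {
			if strings.EqualFold(k, name) {
				return strings.TrimSpace(v)
			}
		}
		return ""
	}
	var findings []string

	if v := get("X-Content-Type-Options"); !strings.EqualFold(v, "nosniff") {
		findings = append(findings, "X-Content-Type-Options: expected nosniff, got "+strconv.Quote(v))
	}
	switch v := strings.ToUpper(get("X-Frame-Options")); v {
	case "DENY", "SAMEORIGIN":
	default:
		findings = append(findings, "X-Frame-Options: expected DENY or SAMEORIGIN, got "+strconv.Quote(v))
	}
	if csp := get("Content-Security-Policy"); csp == "" {
		findings = append(findings, "Content-Security-Policy: missing")
	} else {
		dirs := parseCsp(csp)
		src, ok := dirs["script-src"]
		if !ok { // script-src falls back to default-src
			src, ok = dirs["default-src"]
		}
		switch {
		case !ok:
			findings = append(findings, "Content-Security-Policy: no script-src or default-src, scripts unrestricted")
		case contains(src, "'unsafe-inline'"), contains(src, "*"):
			findings = append(findings, "Content-Security-Policy: script sources allow inline or wildcard scripts")
		}
	}
	if hsts := get("Strict-Transport-Security"); hsts == "" {
		findings = append(findings, "Strict-Transport-Security: missing")
	} else if age := hstsMaxAge(hsts); age < 31536000 {
		findings = append(findings, fmt.Sprintf("Strict-Transport-Security: max-age %d is below one year", age))
	}
	// unsafe-url and no-referrer-when-downgrade send the full URL to other origins.
	if rp := strings.ToLower(get("Referrer-Policy")); rp == "" || rp == "unsafe-url" || rp == "no-referrer-when-downgrade" {
		findings = append(findings, "Referrer-Policy: missing or leaks full URLs cross-origin: "+strconv.Quote(rp))
	}
	return findings
}

// parseCsp splits "dir1 a b; dir2 c" into directive name -> source list.
func parseCsp(csp string) map[string][]string {
	out := map[string][]string{}
	for _, d := range strings.Split(csp, ";") {
		if f := strings.Fields(d); len(f) > 0 {
			out[strings.ToLower(f[0])] = f[1:]
		}
	}
	return out
}

// hstsMaxAge returns the max-age directive of an HSTS value, or -1 if absent or invalid.
func hstsMaxAge(v string) int64 {
	for _, d := range strings.Split(v, ";") {
		if k, val, ok := strings.Cut(strings.TrimSpace(d), "="); ok && strings.EqualFold(strings.TrimSpace(k), "max-age") {
			n, err := strconv.ParseInt(strings.Trim(strings.TrimSpace(val), `"`), 10, 64)
			if err != nil {
				return -1
			}
			return n
		}
	}
	return -1
}

func contains(list []string, want string) bool {
	for _, s := range list {
		if strings.EqualFold(s, want) {
			return true
		}
	}
	return false
}

func main() {
	weak := map[string]string{ // constructed weak response
		"Content-Security-Policy":   "default-src 'self' 'unsafe-inline'",
		"Strict-Transport-Security": "max-age=3600",
		"X-Frame-Options":           "ALLOWALL",
	}
	for _, f := range AuditHeaders(weak) {
		fmt.Println(f)
	}
}
```

Run it against a captured response (for example the header map from a test client) after wiring up SleepSafeMiddleware; an empty result means every guard listed above is in effect with a value that holds up, while each finding names the header to revisit.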